The genetics testing company 23andMe has confirmed a recent data breach and is currently investigating the incident.
Reports indicate that several million data points from 23andMe user accounts have surfaced on Breach Forums, a cybercrime marketplace. The leak includes a significant amount of user information drawn from a subset of the company’s data.
23andMe, a prominent biotechnology company, offers services for ancestry history, DNA testing, family genealogy and customized health insights.
When the hackers posted the data on Breach Forums, they claimed that it consisted of 1 million genetic data points specifically from Ashkenazi Jews. The leak also affected hundreds of thousands of users of Chinese nationality. The hackers’ reference to “Ashkenazi Jews” has raised concerns, particularly within the Jewish community, given the ongoing Israel-Hamas conflict and rising concerns about anti-Semitism.
Starting Wednesday, unidentified hackers began selling 23andMe profiles. The cost of each user profile varies from $1 to $10, depending on the purchase amount. The data includes a user’s display name, gender, birth year and details about their genetic ancestry, like being “broadly European” or “broadly Arabic.”
Ronnie Tokazowski, a digital scams researcher, said, “Credential stuffing never really went away, and a lot of it just comes down to the fact that humans reuse their passwords—that’s what makes it possible. And the fact that it’s claiming to target a Jewish population or celebrities—it’s not shocking. It reflects the underbelly of the internet.”
We are very sad to hear of a second data-hack at 23andMe exposing the data of another 4 million users.
— GenomesDAO 🧬 Genomes.eth (@GenomesDAO) October 19, 2023
Golem, a hacker, released fresh 23andMe data on Tuesday, including user ancestry information. This data leak encompassed approximately four million private user records and was distributed on a cybercrime forum. Golem asserted that the dataset included information about individuals from Great Britain, including details about “the wealthiest people living in the U.S. and Western Europe on this list.”
Nonetheless, the genetics testing firm has informed the public that it is currently engaged in efforts to authenticate the data.
Andy Kill, a spokesperson for 23andMe, issued a statement in an email concerning the recent data leak. Kill mentioned that the company is presently “reviewing the data to determine if it is legitimate.”
23andMe disclosed that hackers gained access to certain user data through a method known as “credential stuffing.” This method involves attempting various combinations of usernames or emails and associated passwords that have been exposed in previous external data breaches.
Consequently, 23andMe has advised users to modify their passwords and has prompted them to enable multi-factor authentication for added security.
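For defenders, the login pattern that credential stuffing leaves behind can be checked in authentication logs: one source trying many different accounts, mostly failing, with an occasional success. The sketch below is an added example, not 23andMe's code or data; the log format, thresholds, function names and sample lines are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events (not real data): "timestamp ip username result"
SAMPLE_LOG = """\
2023-10-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2023-10-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2023-10-01T10:00:03Z 203.0.113.7 carol@example.com OK
2023-10-01T10:00:04Z 203.0.113.7 dave@example.com FAIL
2023-10-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2023-10-01T10:00:06Z 203.0.113.7 frank@example.com FAIL
2023-10-01T10:01:00Z 198.51.100.20 grace@example.com FAIL
2023-10-01T10:01:05Z 198.51.100.20 grace@example.com FAIL
2023-10-01T10:01:09Z 198.51.100.20 grace@example.com OK
2023-10-01T10:02:00Z 192.0.2.44 heidi@example.com OK
"""

def parse(log_text):
    """Yield (ip, username, success) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def find_stuffing(log_text, min_accounts=5, min_fail_ratio=0.7):
    """Map each suspicious source IP to the accounts it logged in to successfully.

    A source is suspicious when it tried at least min_accounts distinct
    usernames and at least min_fail_ratio of its attempts failed. A user who
    mistypes a password repeatedly touches only one account and is not flagged.
    """
    tried, hits = defaultdict(set), defaultdict(set)
    fails, total = defaultdict(int), defaultdict(int)
    for ip, user, ok in parse(log_text):
        tried[ip].add(user)
        total[ip] += 1
        if ok:
            hits[ip].add(user)   # a reused password worked for this account
        else:
            fails[ip] += 1
    return {ip: sorted(hits[ip]) for ip, users in tried.items()
            if len(users) >= min_accounts
            and fails[ip] / total[ip] >= min_fail_ratio}

if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(ip, "-> force password reset and MFA enrollment for:", accounts)
```

The accounts returned for a flagged source are the ones where a reused password worked, so they are the first candidates for a forced password reset and multi-factor enrollment. A per-IP threshold is only one signal, since attempts are often spread across many source addresses.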